Thanks for that phil.tech link. Simply because more research (on pentesting) is being put into it.
But if you directly try to put JSON-serializable query language into Request Body, that is the path to doom.
Of course, GraphQL is always limited by the schema, but it is pretty much autogenerated in Gatsby and Hasura.
But GraphQL has nothing in its spec that talks about security. REST is 20 years old and sits on top of a protocol that's well older. GraphQL on top of HTTP is not inherently secure, the same way REST on top of HTTP is not either.
There's a ton of research on securing HTTP, though.